The Documentation tab pointed at jungfraujoch.readthedocs.io, which lags behind the installed version. Build the Sphinx docs into frontend/dist/docs and serve them at /frontend/docs so they always match the package. - make_doc.sh: accept an output dir (default public), absolutize it, run from the script dir, and allow $PYTHON override - package.json: add "docs" script building into dist/docs - CMakeLists: run "npm run docs" in the frontend target so CPack packs the docs via the existing dist/ install - App.tsx: point the Documentation DocFrame at /frontend/docs/index.html Also clean up the Sphinx build (911 -> 0 warnings): - fix typo myst_heading_anchor -> myst_heading_anchors so cross-doc #anchor links actually resolve - suppress myst.header/myst.xref_missing (auto-generated OpenAPI client docs only) and the harmless sphinx_material config.cache note - drop a dangling "---" transition at the end of CPU_DATA_ANALYSIS.md - add REPOSITORIES and the generated python_client model pages to toctrees Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Jungfraujoch Frontend
Building
To build web interface:
cd frontend_ui
npm install
npm run openapi
npm run build
Available Scripts
In the project directory, you can run:
npm start
Runs the app in the development mode.
The page will reload if you make edits.
You will also see any lint errors in the console.
npm test
Launches the test runner in the interactive watch mode.
See the section about running tests for more information.
npm run build
Builds the app for production to the dist folder.
It correctly bundles React in production mode and optimizes the build for the best performance.
The build is minified and the filenames include the hashes.
Your app is ready to be deployed!
npm run openapi
npm audit findings
npm audit currently reports 17 advisories (3 high, 13 moderate, 1 low). All of
them live in build-time tooling and never reach the production bundle
shipped to the browser. Summary of the chains:
| Source dep | Vulnerable transitives | When it runs |
|---|---|---|
@redocly/cli |
@opentelemetry/*, dompurify (via redoc), ws (via simple-websocket), js-yaml, protobufjs, @babel/core |
npm run redocly / redocly4broker — static OpenAPI HTML generation |
vite |
esbuild@0.27.x |
Dev server and dep pre-bundling. Production build uses Rollup. |
vite-plugin-svgr |
@babel/core, js-yaml (via cosmiconfig) |
Vite build plugin |
openapi-typescript-codegen |
js-yaml |
npm run openapi — TS client generation |
Notes on the high-severity items:
esbuildGHSA-gv7w-rqvm-qjhr is a Deno-specific RCE viaNPM_CONFIG_REGISTRY; GHSA-g7r4-m6w7-qqqr is an arbitrary-file-read in the dev server on Windows. Neither applies to a Linux build of the production bundle.wsGHSA-96hv-2xvq-fx4p only matters whensimple-websocketopens a socket, which happens during docs generation, not at runtime.
npm audit fix cannot resolve any of these without downgrading
@redocly/cli (no real fix) or jumping vite to a major that switches the
bundler to Rolldown.